[Twisted-Python] Twisted 9.0.0?

Glyph Lefkowitz glyph at twistedmatrix.com
Thu Mar 4 09:31:33 MST 2010


On Mar 4, 2010, at 7:59 AM, Jonathan Lange wrote:
> On Thu, Mar 4, 2010 at 10:45 AM, Mark van Lent
> <m.van.lent at zestsoftware.nl> wrote:
>> Hi everyone!
>> I am a bit puzzled about the way new version of Twisted is released. Or
>> better: the way the old version seems to be taken out of service.
>> Last weeks I've been developing agains version Twisted 9.0.0. Yesterday I
>> wanted to deploy my code to my production server, but to my surprise I could
>> not easy_install that version anymore:
>> $ easy_install Twisted==9.0.0
>> Searching for Twisted==9.0.0
>> Reading http://pypi.python.org/simple/Twisted/
>> Reading http://www.twistedmatrix.com
>> Reading http://twistedmatrix.com/products/download
>> Reading http://twistedmatrix.com/projects/core/
>> Reading http://twistedmatrix.com/
>> No local packages or download links found for Twisted==9.0.0
>> Best match: None
>> (Okay, actually I'm using buildout to setup my environment, but the above
>> demonstrates my problem more clearly.)
>> I'm sure the new version of Twisted is better and improved but I still
>> wonder why version 9.0.0 has effectively been decommissioned. Or am I
>> missing something and is it still possible to easy_install version 9.0.0?
> 
> It's an oversight.

I think it's actually a bug in easy_install, or at least a mis-design.

To make something easy_installable, you don't provide structured information in PyPI; there may be a way to do that, but most packages I've seen (Twisted included) just provide a link to a page which then provides a link to a file with a filename of vaguely the appropriate shape.  easy_install works by screen-scraping that link.

In our case, the "home page", http://twistedmatrix.com, links directly to a Twisted-<version>.tar.bz2, which is then used.

If someone (perhaps Mark van Lent!) could point us at how to provide the correctly structured information to easy_install via PyPI so it will _stop_ screen-scraping our website, and just point at the correct files, this problem could be addressed.

However, as exarkun says: screen-scraping a plain-text wiki and then executing code out of whatever comes out of it is not the most reliable or secure way to deploy code.  You may want to specify the URL directly - you can still use easy_install for that if you want, like this:

    $ easy_install http://tmrc.mit.edu/mirror/twisted/Twisted/9.0/Twisted-9.0.0.tar.bz2

> I don't know how the PyPI announcement was done (although I'd love to!), but I think you can announce new versions without decommissioning old ones.


I assume you'll write it down on a web page, when you figure it out :).

The old version, from PyPI's perspective, wasn't decommissioned.  It's here: <http://pypi.python.org/pypi/Twisted/9.0.0>.  The problem is that it also just points at twistedmatrix.com, not a version-specific download page, and there is no Twisted-<version>.tar.bz2 which matches "9.0.0" any more.

(I believe that another way to fix this, although I would be significantly less happy about it, would be to add some hidden links to twistedmatrix.com that had the right filenames.  If this is a real problem for many users though, perhaps we should just live with an ugly fix.)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20100304/aa5a971a/attachment.html>


More information about the Twisted-Python mailing list